diff options
| author | Richard W.M. Jones <rjones@redhat.com> | 2009-07-31 15:57:46 +0100 |
|---|---|---|
| committer | Richard W.M. Jones <rjones@redhat.com> | 2009-07-31 23:30:42 +0100 |
| commit | 804330120dcbedc754174fdfdf13cf7577a7eba9 (patch) | |
| tree | e0d68b479c7ef43818ca91eedbe78c7d9b4d5b72 /src/guestfs.c | |
| parent | 8647c4ada502d0ce2b940f9e9cd47378d99a9164 (diff) | |
| download | libguestfs-804330120dcbedc754174fdfdf13cf7577a7eba9.tar.gz libguestfs-804330120dcbedc754174fdfdf13cf7577a7eba9.tar.xz libguestfs-804330120dcbedc754174fdfdf13cf7577a7eba9.zip | |
lib: Add selinux=0 to default kernel command line.
SELinux exists in a very disturbed state if it is enabled at
boot time, but no policy is loaded. In particular, it messes
up the security.selinux extended attributes on files in a
not-very-useful way.
We can't enable SELinux because we don't know what policy
can or should be loaded. Therefore it's best to disable it
completely.
Diffstat (limited to 'src/guestfs.c')
| -rw-r--r-- | src/guestfs.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/src/guestfs.c b/src/guestfs.c index 72cd2f36..63e24f0a 100644 --- a/src/guestfs.c +++ b/src/guestfs.c @@ -1044,7 +1044,8 @@ guestfs_launch (guestfs_h *g) "udevtimeout=300 " /* good for very slow systems (RHBZ#480319) */ \ "noapic " /* workaround for RHBZ#502058 - ok if not SMP */ \ "acpi=off " /* we don't need ACPI, turn it off */ \ - "cgroup_disable=memory " /* saves us about 5 MB of RAM */ + "cgroup_disable=memory " /* saves us about 5 MB of RAM */ \ + "selinux=0 " /* SELinux is messed up if there's no policy */ /* Linux kernel command line. */ snprintf (append, sizeof append, |